Updated on 2023-12-18 GMT+08:00

VPC Flow Log Overview

What Is a VPC Flow Log?

A VPC flow log records information about the traffic going to and from a VPC. VPC flow logs help you monitor network traffic, analyze network attacks, and determine whether security group and network ACL rules require modification.

Currently, the VPC flow log function is supported in certain regions. You can go to Function Overview and click VPC Flow Log to check.

VPC flow logs must be used together with the Log Tank Service (LTS). Before you create a VPC flow log, you need to create a log group and a log stream in LTS. Figure 1 shows the process for configuring VPC flow logs.

Figure 1 Configuring VPC flow logs

The VPC flow log function itself is free of charge, but you may be charged for other resources used. For example, the storage of VPC flow log records will be charged. For details, see Log Tank Service User Guide.

Notes and Constraints

  • Currently, S2, M2, Hc2, D2, Pi1, S3, C3, M3, H3, Ir3, I3, S6, E3, C3ne, M3ne, G5, P2v, C6, M6, Pi1, and H3 ECSs support VPC flow logs.

    For details about ECS types, see ECS Types.

  • Each account can have up to 10 VPC flow logs in a region.